10 Things You Should Know About PCI Compliance - See More Slideshows Like This One

By Cameron Sturdevant |
Posted 2007-10-17

10 Things You Should Know About PCI Compliance

Up-to-Date Network Map
Requirement 1.1.2 asks for a current network diagram with all connections to cardholder data, including any wireless networks. This is essential for managing any network and will significantly decrease the time needed to l

10 Things You Should Know About PCI Compliance - 2.

Sync Router Config Files
Requirement 1.3.6 specifies that a routers running configuration should match its startup configuration. This means that if a router power cycles for some reason, it will come back up in a working state as last configu

10 Things You Should Know About PCI Compliance - 3.

Reduce the Attack Surface
Requirement 2.2.4 mandates that all unnecessary functionality be removed from systems. Dumping unneeded scripts, drivers, features and subsystems is a classic first step in securing a system and almost always mea

10 Things You Should Know About PCI Compliance - 4.

Minimize Cardholder Data Storage
Requirement 3.1 makes it the rule to store only minimal cardholder data. This not only reduces storage costs, but also minimizes the risks associated with storing sensitive data, such as having to disclose data

10 Things You Should Know About PCI Compliance - 5.

Document System and Software Changes
Requirement 6.4 and its progeny mandate the use of a documented change control system to assess change impact, implementing management control over changes and following testing procedures to make sure operati

10 Things You Should Know About PCI Compliance - 6.

Develop Secure Web Apps
Requirement 6.5 calls for developers to use OWASP (Open Web Application Security Project) guidelines to prevent common coding errors. Secure coding practices can be a co-factor leading to more thoughtfully written applicat

10 Things You Should Know About PCI Compliance - 7.

Spindle, Staple and Mutilate
Requirement 9.10 specifies that media containing cardholder data should be destroyed when no longer needed for business or legal reasons. The operational gains include greatly reduced liability and the paring away

10 Things You Should Know About PCI Compliance - 8.

At the Tone, the Time Will Be...
Requirement 10.4 simply states that IT managers must, Synchronize all critical system clocks and times. Correct and centrally managed time services are essential to a well-run network. Implementing a

10 Things You Should Know About PCI Compliance - 9.

Keep an Eye on the Shop
Requirement 11.5 asks that a file integrity monitoring system be deployed to alert IT staff when unauthorized modifications are made to critical system or content files. Preventing unauthorized changes increases the likeli

10 Things You Should Know About PCI Compliance - 10.

Acceptable Use
Requirement 12.3.5 asks for the creation of a policy on acceptable use of technology. Notifying users of what is considered acceptable use makes it clear that unacceptable, and often risky, uses are prohibited. This promotes a heal

10 Things You Should Know About PCI Compliance - See More Slideshows Like This One